Hacker News

miohtama, today at 6:32 AM (3 replies)

In other news, Iran is banning IPv6, UDP, DNS, ICMP to tighten the blackout

https://www.linkedin.com/pulse/permanent-ban-ipv6-forced-nat...


Replies

pwdisswordfishq, today at 7:01 AM

It's no longer a ban / blacklist. It's a whitelist with extremely strict rules and DPI inspection. You can connect to example.com ONLY if it is whitelisted, and only if you use this specific IP and Port, with this specific TLS handshake fingerprint and certificate, and the first N packets follow these timing / length patterns.

A few weeks ago a very clever way to bypass the SNI whitelist was introduced [1] (SNI spoofing for Cloudflare!) but it was subsequently blocked. Some claim that at this moment all outbound TCP connections are terminated inside the firewall / ISPs and therefore methods like [1] based on injecting fake or problematic TCP packets no longer work. It seems like even SYN-free TCP connections (again, breaking protocol) are no longer accessible.

[1] https://github.com/therealaleph/sni-spoofing-rust

wesselbindt, today at 7:01 AM

Are there other sources than a LinkedIn post? I try to be a bit more critical of information in times of war. God knows we've been lied to before, by all sides. I've seen janitorial schedules presented as terrorist sign-in sheets.
